O'Reilly logo

Java Security by Scott Oaks

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Identity Scopes

The database that an identity is held in is an identity scope. There can be multiple identity scopes in a Java program, though typically there is only a system identity scope. By default, the system identity scope for all Java programs is read from a file; this file is the database that javakey operates on. But the architecture of an identity scope can be more complex than a single scope.

As Figure 2.1 shows, multiple identity scopes can be nested, or they can be disjoint. This is because an identity scope may itself be scoped—that is, just like an identity can belong to a particular scope, an identity scope can belong to another scope.

Identity scopes

Figure B-1. Identity scopes

This architecture is not as useful as it might seem, since the identity scope class does not give any particular semantics to the notion of a nested identity scope. If you search the system scope in the figure for sdo’s identity, you may or may not find it, depending on how the system identity scope is implemented. That’s because there’s no requirement that an identity scope recursively search its enclosed scopes for any information. And the default identity scope does not do such a recursive search.

This is not to prevent you from writing identity scope classes that use such semantics—indeed, writing such a scope is the goal of this appendix.

The idea of an identity scope, of course, is to hold one or more ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required